- Visit SANS, Sophos, SC magazine, and InfoSecurity magazine websites to sign up for news feeds -
25 July 2014 - Laptop stolen from Self Regional Healthcare contained patient data
South Carolina-based Self Regional Healthcare (SRH) is notifying at least 500 patients that their personal information – including Social Security numbers and financial data – was on a laptop stolen from an SRH facility.
24 July 2014 - Rhode Island hospital to pay $150K for past data breach
A Rhode Island hospital must pay $150,000 after a data breach compromised more than 12,000 Massachusetts residents' personal information. Patients' names, dates of birth, Social Security numbers, exam dates, physicians' names and ultrasound images were compromised in November 2012, according to a Massachusetts release. In 2011, the Women & Infants Hospital of Rhode Island shipped 19 unencrypted back-up tapes to its parent company's office in order to be eventually archived. The tapes contained the personal and health information of more than 12,000 Massachusetts residents.
14 July 2014 - Hotels Urged to Check Business Center Computers for Malware
An advisory from the US Secret Service and the National Cybersecurity and Communications Integration Center warns organizations in the country's hospitality sector that computers available for hotel guests' use in their hotels are likely being infected with keystroke loggers.
The advisory was issued after suspects who had managed to compromise public use computers in hotels were arrested in Texas. The advisory urges hotels to check the computers in their business centers.
9 July 2014 - Prison Time for Man Convicted in Phishing Case
A US District Judge sentenced Iulian Schiopu to nearly four years in prison for his role in a phishing scheme. Schiopu was arrested in Sweden in May 2013 and was extradited to the US four months later.
18 June 2014 - San Diego hospital breach investigation reveals second incident, both human error
Nearly 20,000 patients of Rady Children's Hospital (RCH) in San Diego are being notified that their personal information was erroneously included in emails sent to job applicants.
17 June 2014 - Email sent to wrong address, data on more than 35K Calif. students at risk
More than 35,000 Riverside Community College District (RCCD) students in California are being notified that their personal information – including Social Security numbers – was included in an email that was sent to the wrong external email address.
13 June 2014 - Prison Sentence for Former Microsoft Employee Who Leaked Information to Blogger
A former Microsoft employee has been sentenced to three months in prison for leaking sensitive information. Alex Kibkalo worked for Microsoft in Russia and Lebanon. He provided a French blogger with several updates prior to their release dates; he leaked the information because he was unhappy with having received an unsatisfactory performance review.
Kibkalo has been in custody since his March 19 arrest, so the majority of his sentence has already been served. When Kibkalo is released, he will be deported to Russia.
12 June 2014 - Stolen thumb drive contained five years of data on nearly 34K Calif. patients
Nearly 34,000 patients who received X-ray services at California-based Redwood Regional Medical Group are being notified that their personal information was on a thumb drive that was stolen from an employee's locker.
10 June 2014 - Man Admits to Stealing eMail Credentials and Fraudulent Activity
Attackers were able to exploit weaknesses in systems at US government agencies to trick employees at the Environmental Protection Agency (EPA) and Census Bureau into revealing their email account access credentials.
The attackers used the accounts to order nearly US $1 million worth of office supplies, which they sold online. One man has admitted to offenses related to the scheme; he faces up to 20 years in prison. Some government agencies have not implemented encryption and verification procedures on webpages and email, enabling this sort of attack.
10 June 2014 - Bank of Montreal ATM Hacked with Weak Password
A story in the Winnipeg Sun describes how two local teenagers put a Bank of Montreal ATM into operator mode using an easily-guessed password.
10 June 2014 - Penn State Hershey employee takes data home, puts 1,801 patients at risk
About 1,800 patients of Penn State Hershey Medical Center are being notified that their information had the potential to be compromised because a clinical laboratory technician had been working with the data from home, outside the secured Penn State Hershey system.
9 June 2014 - Cyber Crime Costs Global Economy $445B
Cyber crime has a significant impact on economies worldwide. A new report from the Center for Strategic and International Studies (CSIS) concludes that cyber crime costs businesses approximately $445 billion worldwide, with an impact on approximately 150,000 jobs in the EU and 200,000 jobs in the U.S.
9 June 2014 - Facebook Stupidity Leads to Largest Gang Bust in NYC History
a long trail of quite helpful Facebook postings about crimes that led New York City police to what authorities are calling "the largest gang takedown in New York City's history."
9 June 2014 - Town Refuses to Pay Crypto Ransom for Police Computers
The town manager of a hamlet in southeastern New Hampshire has defied demands that he pay a ransom to recover police department computer files taken hostage by Cryptowall, a newer piece of malware that encrypts hard drive contents of infected machines until victims pay for them to be decrypted.
30 May 2014 - CryptoDefense ransomware targets vulnerable Java users
CryptoDefense, a variant of CryptoLocker, was used by saboteurs to rake in more than $34,000 between February and March, Symantec researchers found. Now, analysts at Bromium Labs warn the malware, which holds victim files hostage by employing public-key cryptography using strong RSA encryption, is being delivered to users via a Java exploit.
30 May 2014 - Home Depot staffer fired, tapped 30,000 accounts, shared card data
Home Depot, which last experienced an insider breach in February, has fired and is prosecuting an employee who, for two weeks in May, accessed information on more than 30,000 customer accounts.
http://www.scmagazine.com/home-depot-staffer-fired-tapped-30000-accounts-shared-card-data/article/349253/?DCMP=EMC-SCUS_Newswire
30 May 2014 - Study: 432M hacked accounts in a year, large part of U.S. at risk
The bleak figure was said to be a conservative estimate by the Ponemon Institute, which calculated the findings at the request of CNNMoney. According to the outlet, the number of hacked accounts among impacted Americans topped 432 million accounts during that time period.
30 May 2014 - French Spy on US Companies, Too
State-sponsored French hackers are probably the most “capable” of stealing the business secrets of American companies, after China, according to former CIA director and defense secretary, Robert Gates.
29 May 2014 - US Cyber Crime Rising Faster than Resistance
The 12th annual survey of cybercrime trends found that online attackers determined to break into computers, steal information and interfere with business are more technologically advanced than those trying to stop them.
28 May 2014 - iPhones and iPads Held Hostage
Some owners of iPhones and iPads have found their devices held hostage by malware that locks them until the demand, usually about US $100, is paid. The attacker exploited the Find My iPhone feature to launch the attack, which has mainly affected people in Australia. While it is not clear how the attacker obtained the information used to launch the attacks, there is speculation that it was obtained in a breach and it would affect users who use the same set of credentials for multiple accounts. Apple denied that its iCloud service has been breached. Apple Australia recommends that users change their Apple ID passwords.
21 May 2014 - eBay Criticized for Handling of Breach
eBay has met with widespread criticism for the way it handled a breach that exposed user data. On May 21, eBay acknowledged that a database containing user passwords and personally identifiable information was compromised. The intrusion occurred in February or March of this year.
eBay became aware of the breach earlier this month. The company was taken to task for delaying notification for so long and for the labyrinthine process users had to navigate to change their passwords.
Furthermore, the volume of users trying to change their passwords was at one point overwhelming eBay's system. People want to know why they did not detect the intrusion for three months, but eBay and the FBI have not been forthcoming with details about the breach.
14 May 2014 - Google Drawing Harder Line on Suspicious Google Apps Logins
Google is imposing stronger requirements on Google Apps logins that appear suspicious. If the company suspects that a login attempt is being made by someone other than an account's legitimate user, Google will ask the person logging in to enter a verification code sent via SMS to authenticate their identity, even if users have not activated that security feature. Google will eventually roll out the stricter login requirements to all its domains.
9 May 2014 - Canadian Teens Face Charges in SWATting Attacks
A teenager in Canada has been arrested in connection with making bomb threats and placing calls to emergency services reporting phony life-threatening situations, which is known as "SWATting." The teen allegedly placed at least 30 such calls, which caused law enforcement agencies to deploy SWAT teams to locations of the teen's choosing. Two other teenagers are facing similar charges.
8 May 2014 - New York Hospitals Pay US $4.8 Million Fine for HIPAA Violation
New York Presbyterian Hospital and Columbia University Medical Center have paid US $4.8 million in a settlement with the US Department of Health and Human Services for violations of the Health Insurance Portability and Accountability Act (HIPAA). Patient data were unintentionally exposed when a doctor tried to deactivate a computer he personally owned from a network segment that held roughly 6,800 patients' lab results, medication data, and other sensitive information.
http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_
7 May 2014 - Ransomware Hitting Androids
Ransomware is now targeting devices running the Android mobile operating system. The malware delivers a screen with a message that appears to come from a law enforcement agency, informing users that they have been caught viewing illegal content and that their devices will be blocked until they pay US $300. The current version of the malware does not actually lock up the devices, but the ransom screen pops up continually.
Devices become infected when users visit certain pornography websites where they are asked to install an APK that claims to be a video player.
To become infected, users must allow out-of-market apps and manually install the APK. Versions of the malware have also been detected in Germany, Italy, Poland, the UK, and the United Arab Emirates with messages customized for each country.
2 May 2014 - Attack Targets Facebook Users in India
50,000 to 100,000 likes for various pages.
30 April 2014 - Study Shows More than 40 Percent of Identity Theft is Medical-Related
A survey recently released by the Identity Theft Resource Center found that 43 percent of all identity thefts reported in the US in 2013 were medical-related. Stolen medical identity information has been used to obtain treatment and prescription medicines; medical identity fraud also places incorrect information in the patients' health records.
29 April 2014 - Phishing Scheme Used VoIP to Steal Debit Card Data
In a new variation on phishing campaigns, thieves used text messages and VoIP (voice over Internet protocol) calls to steal debit card data from customers of a number of US financial institutions. The targeted bank customers received text messages telling them their debit card has been deactivated and were given a phone number to call to reactivate the card. The number sent them to an interactive voice response (IVR) system that asked for their debit card number and PIN.
28 April 2014 - AOL Says User Data Were Stolen
AOL now says that the attackers who sent spoofed email that appeared to come from AOL addresses compromised account information of at least two percent of AOL users. Compromised data include email addresses, contact lists, encrypted passwords, and encrypted answers to security questions.
AOL is urging all users to change their passwords and security questions.
25 April 2014 - Stanford's New Password Policy
Stanford University has implemented a new password policy. Users will be permitted to have extremely long (20 characters or more) passwords and not be subject to character complexity requirements: using upper- and lower-case letters, numbers, and symbols. Short (eight character) passwords must fulfill all the complexity requirements. The requirements drop at 12, 16, and 20 characters. All passwords will be vetted to ensure that they are not common or too weak.
25 April 2014 - Nine Sentenced for Roles in Barclays Thefts
Tony Colston-Hayter has been sentenced to five and a half years in prison for orchestrating a GBP 1.25 million (US $2.1 million) theft from two branches of Barclays bank in April and July of 2013. Pretending to be tech support contract employees, Colston-Hayter and his accomplices placed keyboard video mouse (KVM) switches and wireless routers on computers in the targeted banks to gain access to the bank's internal system and steal the information they used to empty six bank accounts.
Less than half of the funds have been recovered. Eight accomplices have also been sentenced; their punishments range from suspended sentences to eight years in prison. Three more people are slated to be sentenced in June.
21 April 2014 - Malware Steals Apple ID Credentials from Jailbroken iOS Devices
Malware detected in the wild steals Apple ID credentials from jailbroken iPhones and iPads. The malware is being called "unflod," which is the name of a library that it installs on infected devices. Unflod was detected after users reported repeated crashes of jailbroken iOS devices. Users noticed that the problems began occurring after they installed jailbroken-specific customizations, also known as tweaks, that came from someplace other than Cydia, an alternative to the Apple App Store for jailbroken iOS devices.
4 Mar 2014 - Thousands of Wireless Routers Hijacked
More than 300,000 wireless routers used in homes and in small office settings have been compromised. The attack reconfigured the DNS settings on D-Link, Micronet, Tenda, TP-Link, and other devices. So far, the compromised routers have not been used for any malicious purpose, but they could be used to redirect users to sites that try to steal financial account access information. Most of the compromised routers are in Eastern Europe, Vietnam, and Europe.
4 Mar 2014 - Illinois Bank Urges People to Stop Using Credit Cards in Cabs in Chicago
First American Bank in Illinois is urging cab riders in Chicago to avoid paying with credit or debit cards, warning of an ongoing data breach that seems to be connected with card processing systems used by a large number of taxis in Chicago. First American became aware of the situation in early February when several customers complained about fraudulent charges on their accounts. The commonality among the cards was having been used in Chicago taxis. The bank has begun cancelling the cards of customers who charge taxi fare and issuing them new ones. The bank has reported the issue to MasterCard.
21 Feb 2014 - Malicious Apps in Google Play Store
Between 2011 and 2013, the percentage of malicious apps in the Google Play store increased nearly fourfold, from 2.7 percent in 2011 to 12 percent in 2013. Over that same period of time, the percentage of malicious apps that Google removed dropped from 60 percent to 23 percent. The decline in removal of malicious apps could be explained by the fact that malware purveyors are using methods of infection that elude traditional detection tools.
10 Feb 2014 - North Carolina Law Firm Loses "All Documents" to Cryptolocker
A law firm in North Carolina has reported losing all of its legal documents to the Cryptolocker ransomware, even though the company tried to pay the US $300 ransom. Because the firm's IT staff attempted to decrypt the files, by the time the decision was made to pay the ransom, the three-day ransom deadline period had expired.
7 Feb 2014 - Phony Army Benefits Website May Have Stolen Credentials
A website set up to mimic a US Army benefits site may have managed to trick soldiers into providing their personal information. The site, which called itself My Army Benefits, bears a name nearly identical to a real site, myarmybenefits.us.army.mil. The fraudulent site, which included a misspelled word in its name, collected soldiers' Army Knowledge Online (AKO) access credentials.
http://www.nextgov.com/defense/2014/02/warning-sham-my-army-benefits-site-could-steal-your-credentials/78488/?oref=ng-HPtopstory
7 Feb 2014 - PCI Standard Compliance Treated as Annual Hurdle, Not Consistent Practice
According to a report from Verizon, most companies that attain annual compliance with the Payment Card Industry Data Security Standard (PCI DSS) do not maintain that compliance over the course of the following year. Verizon based its report on PCI compliance assessments it conducted on more than 500 organizations between 2011 and 2013.
According to the data, just over 11 percent of organizations maintained compliance between annual assessments. The problem is that many organizations treat compliance as an annual test rather than a "continuous risk management effort."
6 Feb 2014 - Wireless Devices Attacked at Sochi
Proving correct predictions that wireless devices will be targeted by cyber criminals at the Sochi Olympics, NBC foreign correspondent Richard Engel found that two laptops and his smartphone were quickly compromised with malware that enabled attackers to use the devices to eavesdrop and access data on the devices. The laptops were probed within minutes of connecting to the Internet, and soon after, Engel received a phishing message. A researcher who accompanied Engel has acknowledged that the laptops were fresh out of the box with no updates and no security software, and that the phone was compromised after the user agreed to install an .apk from a Sochi website. Even so, visitors to Sochi are likely to face a barrage of attempted cyber attacks.
31 Jan 2014 - California High School Students Expelled for Using Keystroke Logger
Eleven Corona del Mar High School students have been expelled for placing keystroke loggers on teachers' computers and using the credentials obtained from the loggers to change grades and access exams.
No charges have been filed at this point, although police have obtained search warrants, which suggests they may pursue felony counts against the students. A private tutor has also been implicated in the case.
30 Jan 2014 - Eleven People Arrested in eMail Hacking-for-Hire Schemes
Eleven people have been arrested in four countries in connection with several websites that offered to gain access to email account passwords.
In the US, five people have been arrested. Two have been charged with operating websites that advertised the services, and the three others have been charged with using similar services offered on websites hosted outside the US. Four people were arrested in Romania, and one person each in India and China.
30 Jan 2014 - Yahoo Resetting Passwords After Compromise Attempts
Yahoo has reset passwords for Yahoo Mail accounts that appear to have been compromised. Yahoo said that the attackers had likely stolen usernames and passwords from a third-party database and attempted to use the information to log into Yahoo Mail accounts. Users whose accounts were affected received messages from Yahoo notifying them of "unusual activity on the network."
27 Jan 2014 - Laptops Stolen From Coca-Cola Contained Unencrypted Employee Data
The theft of unencrypted laptops from the Coca-Cola Company has compromised personal information of about 74,000 current and former employees. The data on the computers include names, Social Security numbers (SSNs) and driver's license numbers. A former employee who had been responsible for maintaining and decommissioning equipment took the computers; they have since been recovered.
24 Jan 2014 - Stolen Laptop Contains Health Data of 620,000 Alberta, Canada Residents
A laptop stolen from an IT consultant contains unencrypted health data of 620,000 residents of Alberta, Canada. The data include names, birth dates, provincial health card numbers, and diagnostic codes. The Medicentres Family Health Care Clinics notified Edmonton police and the Alberta Information Privacy Commissioner about the incident on October 1, 2013, but Alberta's health minister was informed just last week.
24 Jan 2014 - CNN Blogs and Social Media Accounts Hijacked
Members of the Syrian Electronic Army (SEA) used passwords phished from CNN employees to take over social media accounts. The phishing messages were well written and appeared to come from other CNN employees. The compromised accounts were used to post propaganda; the unauthorized posts were removed minutes after they appeared.
23 Jan 2014 - Study Says France's Three-Strike Policy Has Not Curbed Piracy
A study of French Internet users found that the country's "three-strikes" anti-piracy policy has had little to no effect on users obtaining pirated content. The policy "has not deterred individuals from engaging in digital piracy [nor has it lessened] illegal activity of those who did engage in piracy," according to the report's authors, researchers at the University of Delaware and the University of Rennes.
The report does mention another study that found a 20-25 percent increase in sales of French music on iTunes shortly before the law took effect, but its authors say it was due to "public education efforts" instead of the law itself.
23 Jan 2014 - Cross-Platform Malware Targeting Android Devices
Researchers have detected malware that can jump from Windows PCs to Android handsets through USB connections. The malware, known as the Fakebank Trojan, uses a developer tool called Android Debug Bridge to send the malware from the PC to the Android device. The malware is designed to seek out certain Korean banking applications. If the apps are found on the device, users are prompted to install an update, which is a malicious version of the app. Fakebank also monitors SMS messages.
21 Jan 2014 - Thirteen People Indicted in Gas Pump Bluetooth Skimming Scheme
Thirteen people have been indicted in connection with a gas pump card-skimming scheme. The Bluetooth-enabled skimming devices were placed on gas pumps at stores in states in the southern US; those behind the scheme allegedly used the information from the skimmers to make more than US $2 million in fraudulent ATM withdrawals.
20 Jan 2014 - South Korean Credit Bureau Employee Arrested For Allegedly Selling Personal Data to Telemarketers; Executives Resign
An employee of South Korea's Korea Credit Bureau has been arrested for allegedly selling personal information he had access to while working at the company. The breach appears to have affected as many as 20 million people. The compromised information includes names, credit card numbers, and expiration dates. The temporary employee allegedly stole information from the servers of KB Kookmin Card, Lotte Card, and NH Nonghyup Card, and sold the data to phone marketing companies. Managers of the phone marketing companies have been arrested as well.
14 Jan 2014 - Study Says US Government Workers Do Not Practice Good Mobile Device Security
According to a study from the Mobile Work Exchange, many US federal government employees are not taking appropriate measures to secure their mobile devices, despite established security policies. The report, commissioned by Cisco Systems, focused on tablets, smartphones, and laptops. While physical security seems to be more entrenched (86 percent of the workers lock their computers while away from their desks), more than 40 percent of the 155 government workers surveyed use their mobile devices in ways that put their agencies and the devices at risk for a breach. Issues include using public wireless networks, failing to employ multi-factor authentication or encryption, downloading personal apps, and opening messages from senders they do not know; 25 percent do not use passwords for their devices.
12 Jan 2014 - Target Says Malware Found on Point-of-Sale Terminals
Target is now acknowledging that there was malware on its point-of-sale terminals. In addition, the breach, already one of the largest known breaches of payment card data to date, affected as many as 110 million Target customers, nearly three times the initial estimate. Target CEO Gregg Steinhafel says the company is planning "significant changes" in response to the breach, but did not elaborate.
11 Jan 2014 - Neiman Marcus Investigating Payment Card Data Breach
Neiman Marcus says that it was also targeted in a data breach over the past few months. The retailer says its database was infiltrated in December. As in the Target breach, the attack affects people who shopped in physical stores but not online shoppers. Neiman Marcus is working with the Secret Service to investigate the breach.
10 Jan 2014 - Cisco Warns of Vulnerability in Several Devices
Cisco has issued a security advisory warning of a vulnerability in some of its small business devices. The flaw could be exploited to gain root access to WAP4410N Wireless-N Access Points, WRVS4400N Wireless-N Gigabit Security Routers, and RVS4000 4-port Gigabit Security Routers.
There are presently no workarounds for the issue, but Cisco says it will release updates to fix the problem by the end of the month.
Internet Storm Center: https://isc.sans.edu/forums/diary/Cisco+Small+Business+Devices+backdoor+fix/17399/
8 Jan 2014 - When Support for Windows XP Ends in April, Microsoft Will Also Pull Security Essentials for XP
In what appears to be a concerted effort to urge users to upgrade from Windows XP to a more current version of the operating system, Microsoft has announced that when it stops supporting XP in April, it will also cease support for Security Essentials on XP.
7 Jan 2014 - New Hampshire Town Lost Files to CryptoLocker
A New Hampshire town has lost eight years' worth of computer files to the CryptoLocker ransomware. An employee at the Greenland, NH, town hall opened an attachment accompanying an email purporting to be from AT&T on December 26. The system administrator did not learn about the issue until four days later, after the deadline for paying the ransom had expired.
2 Jan 2014 - Snapchat Data Stolen; App Will Be Updated
A database of 4.6 million Snapchat usernames and some associated telephone numbers with the last two digits blurred has been posted online. The site where the stolen data were posted has been taken down.
The people behind the attack say they exploited recent changes made to Snapchat to access the information. A message on Twitter from Snapchat CEO Evan Spiegel says that the company is "working with law enforcement [and] will update when we can."